Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Microsoft Confirms Code Execution Hole in IE

A security advisory from Redmond acknowledges that an Internet Explorer vulnerability could be potentially exploited by malicious hackers to take "complete control of the affected system."

Microsoft late Thursday confirmed a security flaw in its dominant Internet Explorer browser could be potentially exploited by malicious hackers to take "take complete control of the affected system."

The software giant released a security advisory acknowledging the vulnerability and recommended that IE users set Internet and local intranet security zone settings to "High" before running ActiveX controls in these zones.

Microsoft Corp.s confirmation comes less than 24 hours after private security research firm SEC Consult published a working exploit to show that the bug could be exploited to crash the browser or execute arbitrary code in the context of IE.

Further reading

Microsoft said it was not aware of any attacks attempting to use the reported vulnerability or customer impact and promised a patch would be made available once an investigation is completed.

"A COM object, javaprxy.dll, when instantiated in Internet Explorer can cause Internet Explorer to unexpectedly exit. We are investigating a potentially exploitable condition," Microsoft said in the advisory.

The company said a successful attacker could exploit the flaw by creating a malicious Web page and persuading the user to visit the page.

"An attacker could also attempt to compromise a Web site to have it display a Web page with malicious content to try to exploit this vulnerability."

Microsoft accused SEC Consult of publishing details and proof-of-concept that put customers at risk. However, the research outfit said it only posted the details after Microsoft said it could not confirm the existence of the flaw.

"Microsoft [did] not confirm the vulnerability, as their product team can not reproduce condition," SEC Consult said in an advisory. After the publication of SEC Consults advisory, Microsoft later reproduced the issue and posted its advisory.

"Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High. If no slider is visible, click Default Level, and then move the slider to High."